Hacky Bird: Malware Infests Flappy Bird Alternatives

The mobile game "Flappy Bird" might be bad for you— and not just because of its soul-crushing combination of addictiveness and punishing difficulty. According to a new report, many "Flappy Bird" knockoffs on the Google Play store may be infested with malware.

Ever since the insanely popular "Flappy Bird" was pulled from the Apple App Store and Google Play, fans of the addictive mobile game have had to make do with the dozens of clones that popped up on the Google Play store in particular.

It turns out that many of these "Flappy Bird" knockoffs are bad eggs. According to security company McAfee, 79 percent of the 300 "Flappy Bird" clones it sampled had malware in them. And it's not just Flappy Bird: In its June 2014 Quarterly Threat Report, McAfee identifies a growing trend of malware either pretending to be a trusted app, or exploiting a flaw in a trusted app, in order to sneak up on unsuspecting users.

The malware hidden in "Flappy Bird" clones gave its operators a variety of capabilities on the infected devices. Hackers could make phone calls and send SMS messages, install more apps, and steal contact list data and geo-location data. Some of the apps were even able to secure root "superuser" access to the infected phones, which gives the malware operators almost full control over them.

And you thought the original "Flappy Bird" turned you into a mindless zombie!

Exploits of existing apps

It's not just malware-stuffed "Flappy Bird" clones you need to worry about, McAfee says. The company's June 2014 threat report goes on to identify instances of mobile malware, some disguised as apps, some not, that exploit flaws in legitimate, trusted Android apps. A Trojan called Android/Waller.A, for example, exploits a flaw in the digital wallet app Visa QIWI Wallet to transfer money into criminals' accounts instead of yours.

Android/Waller.A comes disguised as an update to Adobe Flash Player. That should be a red alert for savvy users— the Android platform uses HTML 5 instead of Adobe Flash Player for its media content, so unless you manually installed Flash, it won't be on your device. McAfee says Android/Waller.A sometimes disguises itself as other types of utility-based Android apps as well.

Another Trojan called Android/BadInst.A, disguises itself as a Japanese-language app on the Google Play Store. The app's permissions include the ability to access various other Google features. If you download this app, thereby implicitly granting it this permission, Android/BadInst.A uses those authorization tokens to download, install and launch more apps from the Google Play store without users' knowledge.

McAfee also highlighted a third malicious app, Android/Balloonpopper.A, which disguises itself as a harmless-looking game called "BalloonPop." The malware in this game exploits a now-patched flaw in the encryption of popular messaging app WhatsApp, allowing the operators of Balloonpopper.A to snoop on users' WhatsApp messages and pictures.

These various instances of piggybacking on established names in the mobile space, either via clones or exploits, helped increase the spread of Android malware earlier this year, McAfee says.

“We tend to trust the names we know on the internet and risk compromising our safety if it means gaining what we most desire,” McAfee Labs senior vice president Vincent Weafer said in a statement.

Running a good antivirus program on your Android device can help protect it from malware infection, even ones you actively download and install such as these disguised apps.